In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.
Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience.
We’re excited to announce some big improvements to our REST API documentation. We know developers rely on this documentation to integrate with GitHub, and we are committed to making it trustworthy, easy to find, and easy to use.
Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.36.
Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks…
All npm accounts are now enrolled in login verification
Dependabot alerts: persisted after fix, now one per advisory
With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science.
How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)
Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.
This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.
In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.
It’s been a busy time of the year for our Hubbers (GitHub employees). We’ve been shipping products, getting ready for launches, and taking some much needed time off for the…
We recently set about creating a framework and service for automatically generating social sharing images for repositories and other resources on GitHub.
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
Can agreement terms be a great user experience? This was the challenge GitHub’s legal department set for itself last year. We’re excited to announce all-new GitHub Customer Terms for our…
The open source community is always hard at work. February’s projects were super hard to pick since there are so many amazing releases. These are exciting new releases from some…
In this series of posts, I’ll go through the exploit of three security bugs that I reported, which, when used together, can achieve remote kernel code execution in Qualcomm’s devices by visiting a malicious website in a beta version of Chrome. In this first post, I’ll exploit a use-after-free in Qualcomm’s kgsl driver (CVE-2020-11239), a bug that I reported in July 2020 and that was fixed in January 2021, to gain arbitrary kernel code execution from the application domain.
In this second post of the series, I’ll exploit a use-after-free in the Payment component of Chrome (1125614/GHSL-2020-165), a bug that I reported in September 2020 that only affected version 86 of Chrome, which was in beta. I’ll use it to escape the Chrome sandbox to gain privilege of a third party App on Android from a compromised renderer.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
